Finding the right public cloud provider is no picnic. You need to know your requirements and ask the right questions...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
to make an informed decision.
First, data and workloads are always commingled across the provider's infrastructure. Providers can ensure data resides on specific servers or in certain data centers, but that goes against the premise of cloud computing -- and will cost a premium. Second, cloud providers are critical business partners and a level of trust is essential. If you don't trust your provider to meet service-level agreements (SLAs) or cannot tolerate the risks, look to another cloud provider or re-evaluate your cloud needs.
There are reasons to be confident about data separation when you select a cloud provider. To start, look for cloud providers familiar with your industry. Amazon Web Services touts compliance with U.S. Department of Defense (DoD) Level 3-5 authorization for sensitive workloads. That's important for government cloud users. Be sure the cloud provider understands your vertical market's needs and regulations. If you're a healthcare or retail organization and a prospective cloud provider doesn't meet HIPAA or PCI DSS regulations, move on.
Read every line of your cloud SLA and make sure you understand it. SLAs naturally benefit providers, so look for written discussions of data separation or geolocation commitments. That's your foundation for legal action after a breach. If the SLA doesn't guarantee geolocation limits on workloads and data storage, the provider is not obligated to comply. Additionally, don't get stuck with a provider that won't commit to geographic data separation in writing. Remember, SLAs change periodically, so watch for revisions that undermine data separation guarantees.
Look for transparency and auditing support. Is the public cloud provider open about government data requests, unauthorized access attempts, attack incidents and other issues? Unfortunately for users, many cloud providers do not reveal such information. To ensure regulatory compliance, the provider should be able to audit activity on your workloads and data stores. If not, then it's on to the next prospective provider.
Finally, consider the strength of the provider's access security. Organizations with sensitive data can receive additional security with multifactor authentication techniques beyond simple usernames and passwords -- including token-based authentication that uses USB dongles or physical credit cards. Strong authentication boosts virtual data separation security.
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at firstname.lastname@example.org.
Where are the top cloud providers of 2012 now?
Mission-critical apps need strong SLA in public cloud
Having a public cloud provider backup plan for hybrid cloud
Dig Deeper on Public cloud providers
Related Q&A from Stephen J. Bigelow
RAID 5 and RAID 6 are two types of erasure coding. The former protects data with basic parity, while the latter builds in a second layer of parity ...continue reading
Cleanly divided and straightforward applications are good candidates for a container-based deployment, whereas complex applications pose more ...continue reading
Assessing the impact of containers on application workloads can be extremely challenging, partially because of how quickly containers are spun up and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.